Trains Are A Cyber Security Risk

Uploaded on 2023-07-31 in BUSINESS-Services-Transport & Travel, FREE TO VIEW, NEWS-Cybersecurity News

Cyber security concerns are increasing along with political tensions, and because critical infrastructures might be at risk from cyber hacks.

So far, attacks used to be limited mainly to Distributed Denial-of-Service (DdoS) attacks that only cause short-term nuisance, but there is real damage that hackers could potentially cause to infrastructures, such as transportation.

Defense against cyber threats of critical infrastructure is now a very significant part of national security, since enemy nations can use ransomware or other types of threats to hack into important networks that are used for purposes like transportation.

The dramatic increase in such threats against rail systems has led to a rise of concern among cyber security experts.

Turns out that the ability to “hack a train” is more real than you think- modern trains and railways have complex digital systems for control and navigation, and everything that’s digital on them can also be hacked.

Malicious actors can disrupt the functioning of trains, ranging from stopping them or manipulating their speeds to sabotaging operations by tampering with railway switches or even causing intentional collisions.

North Korea has reportedly tried to hack South Korea’s rail transit systems and similarly, ransomware has been used to shutdown metro operations in Germany and San Francisco.

Rail systems can be vulnerable in the operations of the tracks which involve a complicated process, the ticketing systems could also be targeted or the safety features of the train can be compromised.

In October 2017, a DDoS attack hit Sweden's transportation network, crashing the system that monitors the trains’ locations, as well as taking down email systems, websites and road traffic maps. Passengers were unable to make reservations or receive updates regarding train status and delays.

More recently in 2022, there was a case in Denmark when trains were stopped for a couple of hours because a third-party IT service provider was hit by a ransomware attack.

The affected company provided a mobile application that train drivers used to access critical operational information, such as speed limits and information on work being done to the railroad.

And in 2022 a hacking group stopped trains in Belarus to disrupt Russia’s military build-up in Ukraine. The attack served a political purpose and attempted to disrupt military aggression.

However, the fact that hackers were able to access such critical infrastructure is a cause for concern.

There are two main threats to railways, the operational and the non-operational environments.

The non-operational environment affects railway companies’ data, which can be stolen and exploited. An example is an attack from April 2023 on the Alaska Railroad Corporation (ARRC), during which cyber criminals stole sensitive information about the company’s vendors and employees from its systems, and a similar case also occurred in the Netherlands in March.

When it comes to the operational environment, malicious actors can disrupt the functioning of trains, which can range from stopping them or manipulating their speeds to sabotaging operations by tampering with railway switches or even causing intentional collisions.

Another different cause for concern is physical ransomware attacks where malicious actors prevent trains from moving until their ransom demands are met.

Furthermore, trains are autonomous, which makes them vulnerable. Intercity trains have very long braking distances, sometimes up to one kilometer, therefore more complex solutions are needed for train safety because they are controlled wirelessly.

Across Europe, trains use standardised train operating systems which contribute to efficiency in the railway industry. The downside of this is that it opens the door for attackers to break into these systems on a wide scale.

Another risk factor is human error- train control systems are maintained by numerous people, which increases the risks of systems being insecurely connected to the Internet or employees using laptops infected with malware.

Trains, as opposed to other industries, have a very extensive lifespan and are expected to remain in service for around 30 years. Consequently, the train control systems currently in use were designed a decade or more ago.

Furthermore, train control systems include a complex system of various elements such as switches, light signals and other components. Maintaining it is challenging, mainly when the maintenance information is either outdated or it is unclear where it is stored.

Two possible solutions are a better and more extensive monitoring system, making sure to keep up to date with the risks of the time, and not getting complacent about the safety of older tech.

iHLS:     Cyber News:     Industrial Cyber:     DXC:     Standard:     Rail Journal:     Security Week

 

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

« Software Faults Ground F-35 Warplanes
British Surveillance Laws: Apple Might Withdraw Services »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Cyber Security Associates (CSA)

Cyber Security Associates (CSA)

Cyber Security Associates provides cyber consultancy and cyber managed services which help to detect, protect and educate against the ever-changing cyber threat.

Nohau

Nohau

Nohau provide services for safe and secure embedded software development.

Wüpper Management Consulting (WMC)

Wüpper Management Consulting (WMC)

Specialized in compliance, risk management and holistic information security WMC GmbH has longtime implementation experience in global projects.

Data443 Risk Mitigation

Data443 Risk Mitigation

Data443 Risk Mitigation provides next-generation cybersecurity products and services in the area of data security and compliance.

iQuila

iQuila

iQuila is a virtual overlay network which runs on top of an existing network. It creates a secure software enabled layer 2 connection across the internet or any public or private cloud.

SYSGO

SYSGO

SYSGO is the leading European provider of real-time operating systems for critical embedded applications in the Internet of Things (IoT).

Atlantic Security Conference (AtlSecCon)

Atlantic Security Conference (AtlSecCon)

Atlantic Security Conference is a non-profit, annual, information security conference located in Halifax, Nova Scotia, Canada.

Liberty Mutual

Liberty Mutual

Liberty Specialty Markets offers specialty and commercial insurance and reinsurance products, including Cyber, across the USA, Europe, Middle East and other international locations.

Mindmajix Technologies

Mindmajix Technologies

Mindmajix is a live and interactive e-learning platform that offers professional online IT training in areas including cyber security.

Quside

Quside

Quside, a spin-off from The Institute of Photonic Sciences in Barcelona, designs and manufactures innovative quantum technologies for a wide range of applications including cyber security.

Glocomp Systems

Glocomp Systems

Glocomp Systems is one of Malaysia’s premier ICT infrastructure distributor offering a comprehensive portfolio of solutions including cybersecurity and privacy.

ACSG Corp

ACSG Corp

ACSG Corp is a Critical Infrastructure Protection Company with a multi-disciplinary focus on building analytics software for various industry sectors.

Aura

Aura

Aura is a mission driven technology company dedicated to creating a safer internet for everyone. We’re making comprehensive digital security that's simple to understand and easy to use.

r00tz Asylum

r00tz Asylum

r00tz Asylum is a nonprofit dedicated to teaching kids around the world how to love being white-hat hackers.

Pillr

Pillr

Pillr is a cybersecurity operations platform capable of adapting to the demands of your business and team — and the global threat landscape.

Birch Cline Cybersecurity

Birch Cline Cybersecurity

Birch Cline specializes in helping Local Government and Education agencies, as well as mid-market organizations, build and maintain successful cybersecurity programs.